Follow @NU_ITtech on Twitter

Twitter users may be glad to know that we now have an official Twitter account for the technical teams in ISS – @NU_ITtech. As with any new account, it’s going to take a while to get up to speed, but you can expect the sort of content that you get from this blog (only in 140 characters or less), along with other short-form content, including any links that we think are worth checking out. This feed is squarely aimed at technical staff, although some content may be interesting to a wider audience.

This isn’t going to be a one-way channel, so please treat it as a conversation (bearing in mind that it’s completely public and there are some things that shouldn’t be discussed there for security reasons).

There is also a more user-focused account for information and tips about ISS services and IT in general at the University – @NU_ITservice.

Secure destruction of data

We’ve recently been asked how we dispose of our hard disk drives/tapes while ensuring that sensitive data is protected. Depending on the nature of the data, we use a two-stage method.

Media for disposal or reuse within the University

Hard disks are wiped using the freely available DBAN. I’ll use their own description of the software:

Darik’s Boot and Nuke (“DBAN”) is a self-contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction. DBAN is a means of ensuring due diligence in computer recycling, a way of preventing identity theft if you want to sell a computer, and a good way to totally clean a Microsoft Windows installation of viruses and spyware.

Tapes are erased using the built-in library features. Completing this stage would make media suitable for internal transfer and reuse within the University.

In order to use DBAN yourself, you simply need to burn a copy of the ISO, which creates a bootable CD/DVD. After that, simply follow the on-screen instructions.

Disposal (WEEE)

If the media holding the data is to be disposed of or recycled, the University has a contract with a WEEE contractor, www.secondbyteit.co.uk.

Second Byte provide hard drive erasure and certificates of data destruction. Each piece of equipment is given a reference by the contractor and certificates of destruction are provided. These are stored electronically in a central location.

Hard drives are removed from machines during booking in, placed in secure containers and moved to a separate area of their warehouse. Only specific members of staff are allowed to handle hard drives. All hard drives are sanitized again using DBAN working to DOD 5220.22-M with 7 passes, even if clients have sanitized them or if they have asked for disposal. All hard drives that clients have asked to be destroyed are recycled after being sanitized.

Any tapes or other media are physically destroyed, with certificates of destruction provided.

Our Journey to the Cloud (Office 365): Part 1 – Introduction

Newcastle University has made the decision to move some of its Student email services to the cloud using Microsoft’s Office 365 platform. We have decided to share our journey as we go through it, explaining the reasons why along with detailed technical information which we hope may be of use to other institutions.

Introduction

The University’s current undergraduate (UG) and postgraduate taught (PGT) student Email hosting service resides upon a mature ISS hosted Exchange 2007 platform that is four years old. The hosting hardware will reach end of life during 2012. ISS planned to review student Email hosting options as this hardware approached end of life, with a view to comparing an internally provisioned replacement service against a Cloud based solution or the “no provision” option.

The University’s current Email hosting provision is split into two services, one for UG/PGT and the other for staff/PGR. The UG/PGT service serves over 30,000 student mailboxes with an overlapping group of graduating students where mailboxes are retained for a period of time post-graduation. The current staff Email hosting platform serves around 10,000 staff and postgraduate research (PGR) mailboxes. Both staff and student hosting platforms are inter-linked using Microsoft Active Directory, which permits a seamless integration of calendaring, address list and message tracking functionality.

The Email hosting platform for UG/PGT resides upon six servers and six directly attached disc arrays (each with 12 mirrored hard discs). The servers are deployed in an active/passive configuration between two data-centres (that is, although data is replicated between the two data-centres, only servers in one data-centre provide service to students at any one time). Student access to the service is via Outlook Web Access and personal mobile devices only. UG/PGT students have a quota of 200MB, although they cannot send Email when a 150MB limit is reached.

Choices

We believed there were three alternatives for UG/PGT Email hosting provision: in-house; outsourced to the Cloud; no provision.

In-house Provision

ISS estimate that the non-staff cost of replacing the current UG/PGT hardware platform in 2012 will require a capital investment of £160K with a recurrent element of £5K pa. The electrical usage and carbon impact of in-house provision is estimated to be 68,000 kWh and 36,500 kg of CO2 pa. In addition to this, staff costs must be taken into account.

Cloud Provision

Both Microsoft and Google provide their respective services to education establishments free at the point of use. Other cloud-based options are available, generally with different service levels, but at a financial cost to the institution.

No Provision

The final alternative is that the University does not provide any Email hosting facilities to UG/PGT students. Given nearly all students arrive at the University with an existing personal Email account (e.g. Yahoo, Gmail, and Hotmail), does the University need to provide another Email account for UG/PGT students to monitor and use? To ease communications between staff and students, the University could provide a forwarding service whereby a @ncl.ac.uk Email address is available for each student that simply forwards to their personal Email account, such forwarding addresses made available in the University’s global address list.

Microsoft vs Google

Microsoft’s current Cloud service in the education arena is branded as “Live@Edu”; Microsoft plan to upgrade and re-brand the offering as “Office 365 for Education” early in 2012. Given the timescales only the “Office 365 for Education” offering will be discussed. It offers (to students):

  • Online version of Microsoft Exchange 2010;
  • 25GB Email quota;
  • Office Web Apps (online versions of Microsoft Word, Excel, PowerPoint and OneNote);
  • Instant messaging/video conferencing via Lync Online;
  • Collaborative web sites via SharePoint Online;
  • Linkage with the University’s Active Directory infrastructure to permit calendaring and address list integration between the University’s staff/PGR Email infrastructure and Office 365 for Education;
  • Secure use of University authentication system (students will use their Campus password);
  • Use post-graduation facilitating alumni communications.

Google

The Google Cloud service in the education arena is branded “Google Apps for Education”. It offers:

  • Online version of Gmail;
  • 25GB Email quota and 1GB of storage for Google Docs;
  • Google Docs (online word processor, spread sheet and drawing packages);
  • Instant messaging via Google Talk;
  • Collaborative web sites via Google Sites;
  • Secure use of University authentication system (students will use their Campus password);
  • Use post-graduation facilitating alumni communications.

The Decision

Both Microsoft and Google provide similar functional offerings. The primary differentiators between the offerings are the integration with the University’s infrastructure and, from a student experience perspective, the familiarity of the Online Office applications compared to those currently deployed on student cluster desktops.

Following consultation with student representatives and the University Teaching, Learning and Student Experience Committee, Strategic Information Systems Group agreed to proceed with a project based upon Microsoft Office 365.

NEXT: Our Journey to the Cloud (Office 365): Part 2 – Technical Overview

Pass phrases

Pass-phrases are more memorable and more secure than passwords. I suggest you use them, although not “correct horse battery staple”. Use CAPITALS, punctuation & numbers, but not in place of letters – you aren’t as 1337 as you think you are 😉
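
The advice above, as an added example that is not part of the original post: a generator that picks random words, adds capitals, punctuation and digits around them rather than swapping letters for look-alikes, rejects the famous phrase, and reports how many bits of entropy the scheme provides. The word list, separator set and function names are assumptions made for this sketch.

```python
import math
import secrets
import string

# Constructed sample word list (assumption): 32 words, far too small for
# real use. A diceware-style list of 7776 words gives about 12.9 bits/word.
WORDS = ("amber anchor basil bridge candle cedar copper dune ember fjord "
         "garnet harbor indigo juniper kettle lantern maple nickel olive "
         "pepper quartz raven saddle timber umbra velvet walnut xenon "
         "yarrow zephyr meadow orchid").split()

# Publicly famous phrases are in every cracking dictionary, however long.
KNOWN_PHRASES = {"correct horse battery staple"}

SEPARATORS = "!?-_.,;:+="


def is_known_phrase(phrase):
    """True if the phrase, reduced to lowercase words, is a famous one."""
    letters = "".join(c.lower() if c.isalpha() else " " for c in phrase)
    return " ".join(letters.split()) in KNOWN_PHRASES


def generate_passphrase(n_words=5, words=WORDS):
    """Random words, one capitalised, joined by punctuation plus a digit.

    Capitals, punctuation and numbers are added around whole words; no
    letter is replaced by a look-alike digit.
    """
    while True:
        chosen = [secrets.choice(words) for _ in range(n_words)]
        i = secrets.randbelow(n_words)
        chosen[i] = chosen[i].upper()
        sep = secrets.choice(SEPARATORS) + secrets.choice(string.digits)
        phrase = sep.join(chosen)
        if not is_known_phrase(phrase):
            return phrase


def entropy_bits(n_words, list_size, extras=0.0):
    """Bits of entropy for n uniform picks from list_size words, plus extras."""
    return n_words * math.log2(list_size) + extras


def generator_entropy(n_words=5, words=WORDS):
    """Entropy of generate_passphrase(): words + capital + separator + digit."""
    extras = math.log2(n_words) + math.log2(len(SEPARATORS)) + math.log2(10)
    return entropy_bits(n_words, len(set(words)), extras)


if __name__ == "__main__":
    print(generate_passphrase())
    print(f"sample list, 5 words: {generator_entropy():.1f} bits")
    print(f"7776-word list, 4 words: {entropy_bits(4, 7776):.1f} bits")
```

The entropy figure only holds when the words are chosen by the generator; a phrase a person picks from memory, a quotation or a lyric has far less.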

Free ebook: Security and Privacy for Office 2010 Users

Responsibility for data security has to be shared among all the members of an organisation. We always have security in mind whenever we put services into production, and the hope is that we build things in such a way that end users only need to apply common sense to avoid breaches.

Having said that, it’s not possible to be too aware of the issues around security and privacy, so it’s not a bad idea for people to read this ebook by prolific author Mitch Tulloch. It’s aimed at the group of people that Microsoft calls “Information Workers”, but what that really means in this instance is any user of Microsoft Office or Office 365.

  • Get practical, proactive guidance for using the security and privacy management features in Office 2010 and Office 365
  • Walk through everyday scenarios, and discover everyday techniques that help you take charge
  • Understand common risks and learn best practices you can apply right away

You can see more details at the O’Reilly site, or just go and grab the free PDF from http://download.microsoft.com/download/F/F/2/FF2EECEE-397A-45B9-83A4-821243F8DFFD/668836ebook.pdf

Learn PowerShell in a series of free Live Meetings

On Monday 12th March, Ed Wilson, the Microsoft Scripting Guy, is starting a week of free Live Meetings to get beginners up to speed with Windows PowerShell. The live sessions are at 10am (Pacific) each day, so that’s 7pm to us, but they’ll also be recorded and available at the TechNet Script Center’s Learn PowerShell page, where you can already find some great content.

The Windows PowerShell for the Busy Admin series covers the following:

Session 1: PowerShell SmowerShell or: Why Bother to Learn Windows PowerShell

In this session, Microsoft Scripting Guy, Ed Wilson, discusses the fact that in addition to being the management future for Microsoft products, Windows PowerShell offers a number of compelling reasons for learning it. These reasons include the following: it is powerful and provides the ability to collect and to consolidate information from multiple remote systems into a centralized view of the data. It is safer than many other tools, and offers the ability to prototype a command prior to the command execution. There is also a confirmation mode that will allow a network administrator or other IT Pro the ability to selectively step through a group of commands to cherry pick commands to execute or ignore. Windows PowerShell also has built in logging that provides documentation of not only what commands are executed, but the resultant output from those commands. In addition, Windows PowerShell contains numerous features to promote a high level of discoverability and intuitive usability. This session is heavy with practical tips and demonstrations.

Session 2: Heard It Through the Pipeline or: How to Compound PowerShell Commands for Fun and Profit

One of the most basic and one of the most powerful features of Windows PowerShell is the pipeline. By using the Windows PowerShell pipeline, one can take a basic set of cmdlets and build a nearly infinite assortment of useful commands. And yet, all of this boils down to using the pipeline to perform essentially four types of activities. The first is to use the pipeline to retrieve items and to work on them. The second is to use the pipeline to filter out data. The third basic use of the pipeline is to persist information. Lastly, the use of the pipeline to format output. In this session, all four basic uses of the pipeline are covered with a heavy dose of demos.

Session 3: Sole Provider? Not Hardly or: A Look at Windows PowerShell Providers

One of the revolutionary concepts in Windows PowerShell is the idea of PowerShell providers. Windows PowerShell providers provide a singular way to access different types of data that are stored in different locations. Default providers include a file system, registry, alias, variable, function, and environmental variable. This means that one can use Get-Item to access content stored in any of these locations. Not only that, but these providers are extensible, which means that Microsoft teams (and non-Microsoft developers) can create additional providers.

Session 4: The Main Event or: PowerShell Does Event Logs

Regardless of one’s position, it seems that at some point or another everyone will be involved in looking at event logs. And why not…especially since Windows has such great logging support. Whether it is for security reasons, troubleshooting reasons, or general Windows health monitoring, the logs contain nearly all of the required information one seeks. In this session, Microsoft Scripting Guy, Ed Wilson, discusses the classic and the newer ETW style of logs, and looks at the tools that are used with each type of log.

Session 5: More than Remotely Possible or: Using PowerShell to Manage the Remote Desktop

Let’s face it, even though there are lots of commercial products out there that assist in managing desktops, or servers, most are very complex, and they require a dedicated support team to manage them. Even in organizations where such tools exist, the team’s agenda, and the front-line admin’s agenda often clash. For ad hoc situations, using Windows PowerShell to manage remote machines fills in the gray area. In this session, Microsoft Scripting Guy, Ed Wilson, discusses using Windows PowerShell to manage remote machines.

I’d encourage anyone who hasn’t already begun, to learn PowerShell before it’s too late!

Microsoft IT Pro Camp, Newcastle, 27th March

Over the coming months, Microsoft are running events for IT professionals across the length and breadth of the UK, including a return to the North East. I went to the Microsoft Campus last week and had a taste of the new format, which is unlike the TechNet presentations of the past. These events are smaller and very interactive – there’s a real opportunity for attendees to shape the topics covered throughout the day.

As I said, these are smaller events, so you need to get registered fast! Here are all the details from Microsoft:

Event: Consumerisation of IT/ Manage consumer devices on a corporate network
Date: 27th March 2012
Location: Novotel Newcastle Airport, Ponteland Road, Kenton, Newcastle upon Tyne
Register: https://msevents.microsoft.com/cui/EventDetail.aspx?culture=en-GB&EventID=1032505034&IO=88vhg0ori7Fgb3FFMm3Ftw%3d%3d

This year the UK Tech.Days team have changed the format of our traditional Tech.Days theatre events into a series of ‘Boot Camp’ style seminars. The aim of these is to allow IT Professionals to have more discussion time with evangelists like Andrew Fryer, and each other to share common problems and solutions – and we’re looking for your help to share these with your users.

The Newcastle Event will host approx. 70 people with a mixture of discussions and practical demonstration. Although there will be a loose agenda, it will be a PowerPoint-free event, allowing the hosts to focus on the questions that our guests ask.

For the event in Newcastle, we will be focusing on the Consumerisation of IT:
– How key Microsoft technologies such as System Center 2012, SharePoint 2010, Windows Server 2008R2, Exchange 2010 or Office 365 and Windows 7 come together to help you deliver flexibility and support for devices and desktops.
– How to use the latest tools to manage your estate, deliver applications flexibly, manage devices such as iOS and Android as well as Windows, implement IP Sec, reduce anti-malware costs, implement Direct Access and secure remote access.
– We’ll also help you think about what you need to build into a “Bring your own device” or BYOD policy.

Registrations are now open and can be found here

Imagine Cup North East

For the last couple of weeks I’ve been helping behind the scenes with Imagine Cup North East. If you’ve never heard of the Imagine Cup it’s an annual student competition run by Microsoft to build technology solutions to address real-world problems, and this year two great local organisations promoting digital industries, Codeworks and Sunderland Software City, have teamed up to run a regional heat.

This week students from Newcastle, Northumbria, Sunderland, Durham and Teesside universities and local colleges will be attending taster and information events (in Newcastle and Middlesbrough), where Microsoft’s Ben Nunney will be on hand to discuss the finer points of the competition.

The competition is a great opportunity for students to work on a project outside of their studies (looks good on the CV, etc) and it should be good fun too, with a 36 hour hack event later in the month. Of course there’s also the possibility of a trip to the global finals in Australia to aim for too!

If you’re a current student (or graduated in the last year) there’s still time to get involved, and if you aren’t eligible to take part, you should still be able to support the teams at a future NEBytes event. Head to the Imagine Cup North East site, the Facebook page, and follow @ImagineCupNE on Twitter to keep up with all the goings-on.

Updated the Information security guidance on the ISS website + InfoSec Workshops

There is now updated information security guidance on the ISS web site.

This new guidance, along with a printer-friendly desktop companion, can be accessed here

Published information includes…

  • Understanding Information Security
  • Accessing ICT Services
  • Protecting your data and devices
  • Encryption
  • Scam Emails
  • Email and Internet
  • Protecting ICT services

A web link is also provided to the University’s Information Security Policy.

This guidance is aimed at all users of ICT across the University. More technical guidance for ICT personnel will be published in the near future and will be based on the feedback received through the planned Information Security Workshops.

The information security workshops for computing officers will be taking place on the dates and times shown below. If you are interested in attending, please reserve your place using the links:

The workshops will take place in Claremont Tower, room 701. Please see the attachment for more information.

1. InfoSec Workshop, Mon 19 March, 09:30 – 11:30
2. InfoSec Workshop, Wed 21 March, 09:30 – 11:30
3. InfoSec Workshop, Mon 26 March, 09:30 – 11:30
4. InfoSec Workshop, Wed 28 March, 09:30 – 11:30

http://www.ncl.ac.uk/iss/support/security/